Security researchers who analyzed the patches mostly agreed over which patch is the most pressing to apply: MS12-60. The vulnerability, which impacts Windows Common Controls, is similar to an issue patched in April. According to Microsoft, "limited, targeted" exploits have been spotted that take advantage of the flaw.

"It affects all platforms of Windows and addresses an ActiveX component that's redistributed in many places in Windows," said Paul Henry, security and forensic analyst at Lumension. "It's an issue that was previously patched, and this month's patch cleans up the previous one. This is a very high priority update because it's native in Windows and impacts all Windows platforms."

Adobe, meanwhile, offered updates to its Reader, Acrobat, Shockwave Player and Flash Player products. Reader/Acrobat were upgraded to plug 20 vulnerabilities, Shockwave received five patches and Flash received one fix.

But it was the Flash update that is most important. Adobe said in an advisory that the vulnerability is being actively exploited by attackers in "limited, targeted attacks" against users of Flash for Internet Explorer in Windows.

Microsoft offered a number of other fixes that piqued researchers' interests.

Get SC Media delivered to your inbox

SC Media Featured White Paper of the Day

SC Media Newswire

SC Media Product/Industry Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.